package com.xiaohudie.Controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class SpringSecurityController {
 @GetMapping("/hello")
 public String hello(){
     return "Hello";
 }
 @GetMapping("/index")
    public String index(){
     return "hello index";
 }
    @GetMapping("/update")
    /**验证角色*/
    //@Secured("ROLE_sale")
    /**进入方法之前进行验证,发现有没有权限来进行操作的权限
     * 验证权限*/
    //@PreAuthorize("hasAnyAuthority('admins')")
    /**在方法执行之后在进行校验*/
    @PostAuthorize("hasAnyAuthority('admins')")
    public String update(){
        System.out.printf("有权限");
     return "hello update";
    }
}
